Featured Product
This Week in Quality Digest Live
Standards Features
Using the CASCO Toolbox to repair and restore
Todd Hawkins
Good documentation is worth the effort you put into it
Rupa Mahanti
With data as the fuel of the digital economy, data governance is the much needed brake
Bryan Christiansen
Workplace policies that reduce accidents and enhance safety
Chip Reavley
Well-designed solutions lower costs and increase revenue

More Features

Standards News
Creates one of the most comprehensive regulatory SaaS platforms for the industry
Yotrio and SunVilla to provide interactive, 3D-enabled assembly via BILT app
KCP25C grade with KENGold coating sets new standard for wear and productivity in steel turning
Takes action to mitigate risk of medical devices shortage
Standards, testing help autonomous vehicles drive safely
Offering production versatility and throughput with increased detection sensitivity and low energy consumption
New lines improve software capability and analysis
Automotive cybersecurity on Feb. 9, and AS9145 on Feb. 28

More News

Miriam Boudreaux


Evaluation and Reevaluation of Suppliers

You decide who, what, and how a supplier directly affects the conformance and the quality of your products and services.

Published: Thursday, September 10, 2009 - 08:24

The ISO 9001 standard’s requirements with regard to suppliers are very short and concise but carry a lot of punch. These requirements can be very deceiving and in fact are often misinterpreted and carried out poorly or partially. By implementing the clause correctly, an organization will get the full extent of the benefits sought out by the standard. I am going to explain in this article the intent of the standard regarding suppliers and the best way to accomplish supplier management.

What the standard requires

ISO 9001 standard requires that a supplier be evaluated, selected, and reevaluated. Specific requirements related to the supplier’s evaluation are found in two places:

  • Subclause 7.4 Purchasing. The second paragraph requires the organization to evaluate and select suppliers based on their ability to supply product in accordance to the organization’s requirements. It adds that criteria for selection, evaluation, and reevaluation of suppliers be established, and that records of results and actions be maintained.
  • Subclause 8.4 Analysis of data. This subclause requires the organization to determine, collect, and analyze appropriate data regarding suppliers to demonstrate the suitability and effectiveness of the quality management system (QMS), and to evaluate where continual improvement can be made.

Which suppliers are affected by the requirements?

There are two definitions to consider before we start discussing further the intent of the standard in regard to suppliers. One is defining which suppliers are affected by the requirements of the standard, and the other is defining the difference between vendors and suppliers.

The suppliers that are affected by the standard are those that affect product or service conformance, or the quality of your products or services. I'm not talking about suppliers that provide products or services that don't affect the quality of your product or the quality of your own services. Here are a few examples:

  • Plastics. Your suppliers will be those companies that provide the raw materials for you, such as PVC, resin, color pigment, calibration services, etc.
  • Chemicals. Your suppliers could provide oxygen, nitrogen, stabilizers, water, calibration services, transportation (railroad), storage (warehouse), etc.
  • Banking services. Your suppliers could be security personnel, internet service providers, larger banks, etc.

In the first case of plastics, the absence of one of your primary raw materials would significantly affect the quality of your product; in fact, you may not be able to provide the product at all. Similarly, in the case of chemicals, the absence of water, for example, would be considered a critical problem if your product requires cooling or heating provided by water. In essence, the absence of these suppliers will make it harder for you to provide the same quality product or service as required by the customer.

These few examples also illustrate that I'm not talking about suppliers of coffee, food, office supplies, air conditioning, etc. Those would be considered products or services that would not directly affect the quality of your products or services. For example, in the absence of coffee or office supplies, could your products still be manufactured? In the absence of air conditioning, could you still provide your services? Of course. It could be argued that coffee indirectly helps improve employees' performance in the morning. It could also be argued that air conditioning helps employees feel more comfortable while at work. To a certain extent, this could be true. However, unless your product or service requires a controlled environment, it will be up to you to consider your air conditioning repair company in the supplier program. Essentially, these types of suppliers affect your products or services indirectly and don't need to be included in your supplier quality program.

The second aspect to remember here is that there is no difference between a vendor and a supplier. Some companies use the term “vendor,” such as in “vendor-approved list.” Other companies call them “supplier,” such as in “supplier-approved list.” Vendor or suppliers are synonyms and therefore interchangeable. I’ve seen some organizations call vendors those that provide you with products, and suppliers those that provide you with service, but that is not necessarily true. A vendor could supply a product or service just as a supplier could.

Criteria for evaluation of suppliers

ISO 9001 requires organizations to define the criteria to evaluate suppliers. The standard doesn't tell organizations how they should evaluate their suppliers or even what good characteristics they should look for in suppliers. You as an organization are going to determine what characteristics a supplier needs to have, demonstrate, or maintain to become a supplier for your company.

In establishing the criteria, you could consider for example some of the following elements:

  • Quality history
  • On-time delivery
  • Size of the company
  • Number of certifications the potential supplier possesses
  • Whether they have a quality management system or not
  • Whether they have documented procedure for the product/service they want to provide
  • Financial stability
  • Complaint history

As you can see, the evaluation criteria can be long. That’s why many organizations create some sort of survey or form in which they outline various questions and are able to evaluate the supplier in multiple dimensions. Some organizations consider ISO 9001 certification to be encompassing of various characteristics, and therefore would evaluate the supplier based on their ability to demonstrate that they are certified. That is a simple way to evaluate suppliers and may be your initial criteria. However, as part of the continuous improvement effort, you should seek criteria that will truly determine which suppliers are more suitable to provide you with excellent products and services.

Additional advice we give our clients is to first classify the suppliers. If you have a multitude of suppliers and you implement a survey to evaluate them, it will be very cumbersome to apply the same survey to 500 suppliers. If you segregate suppliers in levels (Level 1, Level 2, Level 3, etc.) based on how critical they are for your company, you may be able to apply different controls to each supplier level and therefore evaluate each category differently. For example, chemical companies may decide to classify suppliers based primarily on raw materials providers, transport carriers, warehouses, contractors, etc. In essence, you decide the classification that is best for you and evaluate suppliers according to the effect they have on your product or services—or simply put, in order of importance.

Criteria for selection of suppliers

Once the supplier evaluation criteria have been established and suppliers have been evaluated using such criteria, the next step is to select the suppliers based on the results of the evaluation. You as an organization are going to determine how your suppliers are going to be selected. Questions you may ask are:

  • Will one person be enough to approve any supplier or would you need two people?
  • Would an engineer’s signature be sufficient to approve any supplier or would you need a quality person also?
  • Would the chief finacncial officer or a representative from the finance department be needed to approve critical suppliers, along with the president, production manager, and quality manager?
  • Shall Level 1 suppliers be approved by a defined team of managers, while Levels 2 and 3 be approved by the hiring manager?

In the example of chemical companies, the organization may decide that carriers get approved by the logistics manager, while providers of oxygen, solvents, etc., get approval by a representative from the quality department in conjunction with a representative from operations and the plant manager. Contractors may get approved by a representative from maintenance along with a representative from engineering, or the head of engineering, if you so desire.

In essence, you decide the controls that are needed to select and approve the supplier. If you decided to segregate suppliers based on how critical they are for your organization, then approval requirements would also be commensurate according to the level of criticality. If you don't classify the suppliers, then you still have task to decide how suppliers are selected after evaluation is conducted.

Should approved suppliers be added to an approved supplier list?

You should be able to identify your approved suppliers, however, the use of an approved supplier list or an approved vendor list is not mandatory. Although some organizations may have a spreadsheet or other type of document listing all of their approved suppliers, others may have their approved suppliers as part of their material requirements planning (MRP) software, purchasing software, etc. Therefore if the supplier is listed in the MRP, then it means the supplier is approved.

Rather than trying to copy what other companies are doing, analyze what your company uses before you embark on creating a document just for the ISO standard’s purpose. If your purchases are done through an MRP system, then having a spreadsheet with a list of approved suppliers will require additional upkeep, such as updating the spreadsheet every time a new supplier is added or deleted from the MRP. If your MRP software is not capable of telling you who is approved, or who is active, or what level of criticality a certain supplier has, then you may indeed need to maintain two documents. My advice is to plan well before you create another document.

So with those two elements—evaluation and selection—you have covered one of the requirements of subclause 7.4 of ISO 9001. Unfortunately, many organizations end here, not fulfilling the extent of the requirements.

Criteria for reevaluation of suppliers

Once again, if you have a lot of suppliers and if you followed the advice of segregating suppliers in levels or tiers, then reevaluation should be much easier to accomplish. For example, you may decide that tier 1 critical suppliers will be revaluated every month based on supplier corrective actions, product returns, on-time delivery, or customer complaints related to the supplier; tier 2 suppliers will be reevaluated once a year based on supplier corrective actions; and tier 3 suppliers will be reevaluated every two years based on product returns.

Although the criteria mentioned in the above example is not a survey, most organizations will develop a survey that again, can combine various criteria and measure the supplier in different dimensions. However, a survey is not the only way to evaluate suppliers and in many cases is not even the optimum way; the information you obtain from reevaluation could very well help you with the requirement of analysis of data.

So, whether you segregate your supplier or not, you have to decide the criteria for reevaluation. If you don’t have many suppliers, then perhaps conducting the same evaluation for all suppliers will suffice. The idea is that your company should benefit from implementing supplier reevaluation so that your organization can monitor supplier performance and decide when to praise them and when to issue a red flag. In the end, a bad supplier will provide you with mediocre products and services, and ultimately will cause a problem with your own customers.

What happens in the long run?

It is very important that you pay close attention to the implementation of these activities because the way you establish how suppliers will be evaluated and reevaluated will have an effect on your company’s product and service quality.

It is really to your advantage to think this process out before you decide the criteria. If you decide to implement an evaluation that is too cumbersome then most likely the evaluation will be dropped out after one year and never be followed again. Perhaps initially, you develop a nice form, everybody works really hard to get everything done, and you get registered to ISO 9001. However, once everyone goes back to their normal business, they have a lot of work and guess what, the ball gets dropped and nobody will follow-up on anything that is time-consuming and useless. Therefore you have to really think through your methods so that they aren't only simple but also add value to your organization and can be easily monitored for years to come.

Analyzing data on suppliers

The requirement set forth in subclause 8.4 of ISO 9001 requires that you analyze data on suppliers. The intent of the standard is to show that you have visibility as to how your suppliers are performing and if they aren't performing, then you have the opportunity to do something about it. If you don’t analyze the data then you don’t have visibility. Therefore, what good does it do to fill out a bunch of paper forms for suppliers, stack them or file them, and never look at them? Yes, you may have conducted the reevaluation as planned but if you are not looking at the results, then there is no value to this exercise. That’s why this requirement is in place, to ensure that you analyze data on suppliers so that you know what is going on with them. Here are some good metrics to analyze:

  • On-time delivery
  • Return rates
  • Number of supplier corrective actions (SCAR)
  • Combination of the three items above

My advice is to think about analysis of data when you decide on your methods for supplier reevaluation. If the reevaluation is able to yield some kind of data that can be analyzed, then you will accomplish these requirements simultaneously. Otherwise, if you decide to reevaluate suppliers using a survey, you may have to figure out a different way to analyze data on suppliers, unless you can weigh the answers of the survey and somehow decide how suppliers are performing against a defined target. If you can say, supplier A is doing 90 percent, supplier B is doing 80 percent, and the goal for all suppliers is 95 percent—on whatever dimension you decide—then that is data that you can easily compare and act upon.

With clear information, making decisions regarding suppliers will be an asset to your company. Decisions such as dropping a supplier for poor performance, putting a supplier on probation, giving a supplier additional business because of excellent performance, etc. are just a few of the direct benefits of implementing requirement of subclause 7.4 of ISO 9001 effectively.


About The Author

Miriam Boudreaux’s picture

Miriam Boudreaux

Miriam Boudreaux is the CEO and founder of Mireaux Management Solutions, a technology and consulting firm headquartered in Houston, Texas. Mireaux’s products and services encompass international standards ISO and API consulting, training, auditing, document control and implementation of Web QMS software platform. Mireaux’s 6,500 square foot headquarters, located in the northwest area of Houston, houses their main offices as well as their state-of-the art training center. Mireaux itself is certified to ISO 9001:2015 and ISO 27001:2013. To get in touch with Miriam Boudreaux, please contact her at info@mireauxms.com.